The W3C has announced a working draft of the new Privacy Policy standards.

These just-released documents are the first draft of a broad set of participants and stakeholders in the W3C Tracking Protection Working Group, which includes browser vendors, content providers, advertisers, search engines, as well as experts in policy, privacy, and consumer protection. The W3C organization is encouraging interested parties to review these early drafts.

The University of California at Berkely discovered that a large number of the web’s most popular sites are surreptitiously using a particularly sneaky cookie without informing users in their privacy policies. (SOURCE)

Everybody knows all about standard browser cookies, but Flash cookies are relatively unknown to most web users. Worse still, they are not controlled through the cookie privacy controls in a browser. So then even if a user believes that they have cleared their computer of all cookie like tracking objects, they most likely have not if they have visited a site that uses Adobe’s Flash cookie.

If you think that’s sneaky…

Several services were even using this surreptitious data storage to reinstate traditional cookies that a user deleted, which is called ‘re-spawning’ the report found. Like a bad zombie in a “B” movie, such cookies come back again and again even after you have used your best weapons to kill them. So even if you got rid of a website’s tracking cookie, that cookie’s unique ID will be assigned back to a new cookie again using the Flash data as the “backup.”

Even the government website, Whitehouse.gov showed up in the report, with researchers reporting they found a Flash cookie with the name “userId.” Whitehouse.gov does say in its privacy policy that it uses tracking technology but it does not mention Flash or tell users how to get rid of the Flash cookie. You like it when the government snoops on you, right?

The funny thing is that the Berkely study was to be used in the government’s proceeding about the use of cookies on federal websites. Federal websites have traditionally been banned from using tracking cookies, despite being common around the web — a situation the Obama administration wants changed.

Congress and federal regulators are looking at ways of controlling the online tracking and advertising industry, whom they feel have failed to make the industry transparent about when, how and why it collects data about internet users. Strangely enough, the government has done no better at this.

Third party advertising networks have previously agreed to a voluntary code of conduct. The code they proposed prohibits little and has no enforcement mechanism. So even with regard to sensitive health information, advertisers are free to collect as much information as they please, just as long as it does not involve an actual prescription.

Berkely’s Chris Hoofnagle, the Director of Information Privacy Programs at the Berkeley Center for Law and Technology tested the top 100 sites to see what their privacy policies said, what their tracking technology actually does and what happens if a user blocks the Flash cookie.

The 2009 study found that 54 of the top 100 Internet sites set Flash cookies, which vary from simply setting audio preferences to tracking users by a unique identifier. Some of these sites merely handle innocuous and useful functions, such as remembering the volume level you preferred when you watched a video or listened to song.

Adobe’s Flash software is installed on an estimated 98 percent of personal computers. Some of the web’s most popular sites depend upon it, such as YouTube, Facebook and Hulu. Every time you see a YouTube video, you are using Flash.

Adobe’s Flash cookie lets a site store up to 100K of information. That’s about 25 times more than what a browser cookie can hold. Pandora.com uses the Adobe Flash cookie’s storage capability to preload portions of songs or videos to deliver smooth and fast playback.

All modern browsers include controls that let users decide what cookies to accept and which to eliminate. Flash cookies are handled differently and do not abide by these rules or controls. These are fixed through a web page on Adobe’s site, where the controls are not easily understood (There is a panel for Global Privacy Settings and another for Website Privacy Settings — the difference is unclear). In fact, the controls are so odd, the page has to tell you that it is the control, not just a tutorial on how to use the control.

Defenders of behavioral ads say that privacy shouldn’t be a concern since cookies really identify a browser, not a person. Moreover, they argue that users would prefer to have relevant ads. Targeted Behavioral Ads could also help save online journalism. Under this theory, Google text ads don’t work on a news story about the governor raising the sales tax, since there’s no product that goes with that context. But if the site knew the reader was in the market for a car, it could show an ad for the new Lexus and earn much more.

Tools:

Users who want to control or investigate Flash cookies have several options:

With all of these resources for Site Monetization, we are being asked which networks are the best for monetizing your website. The leader of the market and 900 pound Gorilla – so to speak – is Google Adsense.

But Adsense is not the only way to monetize a site. Here is a list of over 100 ways you can monetize your website. Be sure to use the correct Privacy Policy so as not to violate your parters’ TOS (Terms of Service).

PPC

Google AdSense – Adsense is the most popular PPC network as well as one that can deliver the most revenue.Yahoo Publisher Network – Yahoo’s AdSense alternative.Chitika – eMiniMalls is not a typical PPC program, it is different kind of pay-per-click product promotion.Kanoodle – A second-tier PPC option as opposed to Google and Yahoo.Ads-Click – You set the price per click for ads showing on your site.AdBrite – Control and customization options.ABC Search – Another 2nd-tier option.BidVertiser – Large network PPC program.Clicksor – Contextual ads program.Qads – Ad program from Qumana.PeakClick – Pays in Euros.DoubleClick – Another targeted PPC
option.RevenuePilot – Keep 60% of the revenue.Search Feed – Another option for targeted PPC ads.Targetpoint – For publishers of all sizes.OneMonkey – Keep 80% of the revenue.Miva MC – PPC ads plus the option for contextual PPD ads.ClickBooth – Claims to have the highest payout in the industry.

Banner Ads

AdEngage – Not a typical banner ad, the’re photo ads with text.AdDynamix – Also offers other options besides just banners.BannerBoxes – Your keep 75% of the revenue from each click.

Parked Domains

Random/Various

The News Room – Make money by placing news items on your site.Tribal Fusion – Represents the advertising for selectively approved websites.IndustryBrains – Has a few different options that would fall into various categories above.Adknowledge – Options for email, web, and search engine inventory.Yesadvertising – Lots of options, including contextual ads, email, banners and pop-unders.ValueMedia – Several different options, including video.Auction Ads – Make money by displaying Ebay items.IntelliTXT – Contextual ads that include video.PremierAd – Lots of different options. You keep 80% of ad revenue.BurstMedia – A variety of different options.Advertising.com – Multiple options, including video ads.Openads – Online advertising software.Casale Media – You choose what type of ads you want on your site.VC Media – CPC or CPM options.Ads by RSS – Places ads on your website, using RSS.AdSpaceAuctions – Sell ad space on your website through an auction.TextMarks – Monetize your blog with text message alerts.

Sell Ad Space

AdSonar -Provide content-targeted ads.BlogAds – You control the ads that appear on your site.Crisp Ads – name your price for direct sponsors.ADSDAQ – Choose your asking price for ads and ADSDAQ matches you with advertisers.AdVolcano – Set your own prices and ad sizes.

A privacy policy is a legal document that discloses some or all of the ways a website gathers, uses, shares, discloses and/or manages a website visitor’s data. The exact contents of a privacy policy will depend upon the applicable law and may need to address the requirements of multiple countries or jurisdictions. Many advertising networks require their partners to publish a Privacy Policy on their website. There is no universal one-shot catch-all Privacy Policy for all uses, but most visitors to this site are primarily interested in the Privacy Policy required by publishers using Google Adsense’s PPC (Pay-Per-Click) program.

The European Union’s Directives

In 1995 the European Union (EU) introduced the Data Protection Directive for its member states. As a result, many organizations doing business within the EU began to draft policies to comply with this Directive. In the same year the U.S. Federal Trade Commission published the Fair Information Principles, which provided a set of non-binding governing principles for the commercial use of personal information. While not mandating policy, these principles provided guidance of the developing concerns of how to draft privacy policies. Both the EU and US Governments are worriedly preparing to legislate rules and regulations regarding privacy on the Internet.

FTC Fair Information Practice

There are four critical issues identified in Fair Information Practice:

Choice – consumers must be given options with respect to whether and how personal information collected from them may be used for purposes beyond those for which the information was provided

Access – consumers should be able to view and contest the accuracy and completeness of data collected about them

Security – data collectors must take reasonable steps to assure that information collected from consumers is accurate and secure from unauthorized use.

In addition to the above, the principles elaborate the need for enforcement mechanisms to impose sanctions for noncompliance with these fair information practices.

Current enforcement in the United States.

The United States does not have a federal regulation establishing the implementation of privacy policies. Congress is considering comprehensive laws regulating the collection of information online, such as the Consumer Internet Privacy Enhancement Act and the Online Privacy Protection Act of 2001, but none have been enacted.

In many cases, private parties enforce the terms of privacy policies by filing class action lawsuits, which may result in settlements or judgements.

Applicable US law

While no generally applicable law exists, some federal laws govern privacy policies in specific circumstances, such as:

The Children’s Online Privacy Protection Act (COPPA)This law affects websites that collect information about or target at children under the age of 13. Any such websites must post a privacy policy and adhere to enumerated information-sharing restrictions. COPPA includes a Safe Harbor provision to promote industry self regulation.

The Gramm-Leach-Bliley Act This requires that institutions “significantly engaged in financial activities” give “clear, conspicuous, and accurate statements” of their information-sharing practices. The Act also restricts the use and sharing of financial information.

Health Insurance Portability and Accountability Act (HIPAA) Privacy Rules
This requires notice in writing of the privacy practices of health care services. This requirement also applies if the health service is electronic or online.

The Internet Privacy Act
There is no such thing as “The Internet Privacy Act”. The Internet Privacy Act is a non-existent law cited by websites that conduct illegal activities in an attempt to scare off organizations or regulators that look to prosecute such activities. Networks, search engines and torrent sites which share or pirate music, films and software, for example, will often display the fictitious act in an attempt to protect themselves from arrest by being able to claim entrapment in court. In the statement, websites try to claim that it prevents organizations which may be associated with anti-P2P (Peer-To-Peer) or government organizations from entering the site or network as it would breach the terms of the act. Nobody is really fooled by this, least of all, law enforcement.

According to the statement which many sites display, it was signed by Bill Clinton in 1995, but in reality he never signed the act as it never existed.

You can see this or similar text on many such piracy sites:

If you are affiliated with any government, police, anti-piracy group or other related group or working for Adidas, Manolo Blahnik, Converse, Louis Vuitton, Chanel, Burberry, Hermes, Prada, Air Jordan, Nike, Timberland, Gucci, Cartier, Oakley either directly or indirectly, or any other related group, or were formally a worker, you CANNOT enter these web pages, links, nor access any of its files and you cannot view any of the HTML files. If in fact you are affiliated or were affiliated with the above said companies, by entering this site you are not agreeing to these terms and you are violating code 431.322.12 of the Internet Privacy Act signed by Bill Clinton in 1995 and that means that you CANNOT threaten our ISP(s) or any person(s) or company storing these files, and cannot prosecute any person(s) affiliated with this website.

US State Laws
Some states have implemented more stringent regulations for privacy policies. The California Online Privacy Protection Act of 2003 – Business and Professions Code sections 22575-22579 requires “any commercial web sites or online services that collect personal information on California residents through a web site to conspicuously post a privacy policy on the site”.

Nebraska and Pennsylvania also have laws treating misleading statements in privacy policies published on Web sites as deceptive or fraudulent business practices.

The European Union

There are significant differences between the EU data protection and US data privacy laws. These standards must be met not only by businesses operating in the EU, but also by any organization that transfers personal information collected concerning citizen of the EU. In 2001 the United States Department of Commerce worked to ensure legal compliance for US organizations under an opt-in Safe Harbor Program. The FTC has approved eTrust to certify streamlined compliance with the US-EU Safe Harbor.

Online Privacy Certification Programs

Online Certification or “Seal” programs are an example of industry self-regulation of privacy policies. Seal programs usually require implementation fair information practices as determined by the certification program and may require continued compliance monitoring. TRUSTe, was one of the first online privacy seal program, with thousands of members. Other online seal programs include the Trust Guard Privacy Verified program, eTrust, and Webtrust.

Technical implementation

Some websites also define their privacy policies using P3P or the Internet Content Rating Association (ICRA), allowing visitors to automatically assess the level of privacy offered by the site, and allowing access only when the sites’ privacy practices are in line with the users’ privacy settings. These technical solutions do not guarantee that the websites actually follows the claimed privacy policies. For this to work, users would need to have a minimum level of technical knowledge in order to configure their own browser privacy settings. That is primarily why these types of privacy policies have not caught on.

Also known as browser cookies or tracking cookies, cookies are small, usually encrypted text files, located in your browser’s directory. They are used by publishers on the Internet to help users navigate websites and perform certain functions. Thanks to their core role of enhancing usability or site functions, completely disabling cookies may prevent users from using certain websites. This is how some sites know when you return and keep you logged in, or will display a particular page that you like. Often a cookie may be used to show some content only once – say a popup or popunder or some other advertisement that shows only the first time you visit a site and not every single time you change pages or revisit.

Cookies are created when your browser loads a particular website. The website sends information to the browser which then creates a text file. Every time the user goes back to the same website, the browser retrieves and sends this file to the web server. Cookies are created not only by the website that the user is browsing at any particular moment, but also by other websites that run ads, widgets, or other page elements. These cookies govern how the ads appear or how the widgets and other elements function on the page.

Standard uses for browser cookies

Websites set cookies to help authenticate a user if the user logs into a secure area of a website. Login information or credentials are stored in a cookie so that the user may enter and exit the website without having to re-type the same login information over and over again.

Session Cookies

Session Cookies are used by the web server to store information about user page activities so users can easily pick up where they left off on the server’s pages. Without using such cookies, a webpage can not ‘remember’ where you were on your last visit – this can only be done with the use of session cookies. Session Cookies tell the server what pages to show the user so the user doesn’t have to remember where he/she left off or start navigating the site all over again. Session Cookies function almost like a “bookmark” when used on such a site. Similarly, cookies can store ordering information needed to make shopping carts work instead of forcing the user to remember all the items the user put in the shopping cart. This is very useful if your system experiences a disruption in connectivity or your computer ‘crashes’ while you are in thr process of filling a shopping cart.

Persistent or tracking Cookies

Persistent Cookies store user preferences. Many websites allow users to customize exactly how information is presented through site layouts or themes. These customizations make the site easier to navigate and/or lets user leave a part of the user’s “personality” at the site.

Cookie security and privacy issues

Cookies are NOT viruses. Cookies use a plain text format. They are not compiled pieces of code so they cannot be executed nor are they self-executing. Accordingly, they cannot make copies of themselves and spread to other networks to execute and replicate again. Since they cannot perform these functions, they fall outside the standard virus definition.

Cookies CAN be used for malicious purposes though. Since they store information about a user’s browsing preferences and history, both on a specific site and browsing among several sites, cookies can be used to act as a form of spyware.

The way responsible and ethical web developers deal with privacy issues caused by cookie tracking is by including clear descriptions of how cookies are deployed on their site. Privacy Policy Online strives to help web developers generate clear and easy-to-understand information for web publishers to include on their web pages.

Privacy Policy Online

The simplest way to ensure that your site complies with the latest regulations is to use the generator at Privacy Policy Online. This will generate a fast and accurate Privacy Policy.

The Children’s Online Privacy Protection Act

Websites that collect information from children under the age of thirteen are required to comply with the Federal Trade Commission ( FTC ) “Children’s Online Privacy Protection Act” (COPPA).

The full text of the “Children’s Online Privacy Protection Act” appears below.

Children’s
Online Privacy Protection Act of 1998

TITLE XIII-CHILDREN’S ONLINE PRIVACY PROTECTION

SEC. 1301. SHORT TITLE.

This title may be cited as the "Children’s Online Privacy Protection Act of
1998".

SEC. 1302. DEFINITIONS.

In this title:

(1) CHILD.—The term "child" means an individual under the age of 13.

(2) OPERATOR.—The term "operator"—

(A) means any person who operates a website located on the Internet or an online
service and who collects or maintains personal information from or about the users of or
visitors to such website or online service, or on whose behalf such information is
collected or maintained, where such website or online service is operated for commercial
purposes, including any person offering products or services for sale through that website
or online service, involving commerce—

(i) among the several States or with 1 or more foreign nations;

(ii) in any territory of the United States or in the District of Columbia, or between
any such territory and—

(I) another such territory; or

(II) any State or foreign nation; or

(iii) between the District of Columbia and any State, territory, or foreign nation; but

(B) does not include any nonprofit entity that would otherwise be exempt from coverage
under section 5 of the Federal Trade Commission Act (15 U.S.C. 45).

(4) DISCLOSURE.—The term "disclosure" means, with respect to personal
information—

(A) the release of personal information collected from a child in identifiable form by
an operator for any purpose, except where such information is provided to a person other
than the operator who provides support for the internal operations of the website and does
not disclose or use that information for any other purpose; and

(B) making personal information collected from a child by a website or online service
directed to children or with actual knowledge that such information was collected from a
child, publicly available in identifiable form, by any means including by a public
posting, through the Internet, or through—

(i) a home page of a website;

(ii) a pen pal service;

(iii) an electronic mail service;

(iv) a message board; or

(v) a chat room.

(5) FEDERAL AGENCY.—The term "Federal agency" means an agency, as that
term is defined in section 551(1) of title 5, United States Code.

(6) INTERNET.—The term "Internet" means collectively the myriad of
computer and telecommunications facilities, including equipment and operating software,
which comprise the interconnected world-wide network of networks that employ the
Transmission Control Protocol/ Internet Protocol, or any predecessor or successor
protocols to such protocol, to communicate information of all kinds by wire or radio.

(B) a home or other physical address including street name and name of a city or town;

(C) an e-mail address;

(D) a telephone number;

(E) a Social Security number;

(F) any other identifier that the Commission determines permits the physical or online
contacting of a specific individual; or

(G) information concerning the child or the parents of that child that the website
collects online from the child and combines with an identifier described in this
paragraph.

(9) VERIFIABLE PARENTAL CONSENT.—The term "verifiable parental consent"
means any reasonable effort (taking into consideration available technology), including a
request for authorization for future collection, use, and disclosure described in the
notice, to ensure that a parent of a child receives notice of the operator’s personal
information collection, use, and disclosure practices, and authorizes the collection, use,
and disclosure, as applicable, of personal information and the subsequent use of that
information before that information is collected from that child.

(10) WEBSITE OR ONLINE SERVICE DIRECTED TO CHILDREN.—

(A) IN GENERAL.—The term "website or online service directed to
children" means—

(i) a commercial website or online service that is targeted to children; or

(ii) that portion of a commercial website or online service that is targeted to
children.

(B) LIMITATION.—A commercial website or online service, or a portion of a
commercial website or online service, shall not be deemed directed to children solely for
referring or linking to a commercial website or online service directed to children by
using information location tools, including a directory, index, reference, pointer, or
hypertext link.

SEC. 1303. REGULATION OF UNFAIR AND DECEPTIVE ACTS AND PRACTICES IN CONNECTION WITH
THE COLLECTION AND USE OF PERSONAL INFORMATION FROM AND ABOUT CHILDREN ON THE INTERNET.

(a) ACTS PROHIBITED.—

(1) IN GENERAL.—It is unlawful for an operator of a website or online service
directed to children, or any operator that has actual knowledge that it is collecting
personal information from a child, to collect personal information from a child in a
manner that violates the regulations prescribed under subsection (b).

(2) DISCLOSURE TO PARENT PROTECTED.—Notwithstanding paragraph (1), neither an
operator of such a website or online service nor the operator’s agent shall be held to be
liable under any Federal or State law for any disclosure made in good faith and following
reasonable procedures in responding to a request for disclosure of per-sonal information
under subsection (b)(1)(B)(iii) to the parent of a child.

(b) REGULATIONS.—

(1) IN GENERAL.—Not later than 1 year after the date of the enactment of this Act,
the Commission shall promulgate under section 553 of title 5, United States Code,
regulations that—

(A) require the operator of any website or online service directed to children that
collects personal information from children or the operator of a website or online service
that has actual knowledge that it is collecting personal information from a child—

(i) to provide notice on the website of what information is collected from children by
the operator, how the operator uses such information, and the operator’s disclosure
practices for such information; and

(ii) to obtain verifiable parental consent for the collection, use, or disclosure of
personal information from children;

(B) require the operator to provide, upon request of a parent under this subparagraph
whose child has provided personal information to that website or online service, upon
proper identification of that parent, to such par-ent—

(i) a description of the specific types of personal information collected from the
child by that operator;

(ii) the opportunity at any time to refuse to permit the operator’s further use or
maintenance in retrievable form, or future online collection, of personal information from
that child; and

(iii) notwithstanding any other provision of law, a means that is reasonable under the
circumstances for the parent to obtain any personal information collected from that child;

(C) prohibit conditioning a child’s participation in a game, the offering of a prize,
or another activity on the child disclosing more personal information than is reasonably
necessary to participate in such activity; and

(D) require the operator of such a website or online service to establish and maintain
reasonable procedures to protect the confidentiality, security, and integrity of personal
information collected from children.

(2) WHEN CONSENT NOT REQUIRED.—The regulations shall provide that verifiable
parental consent under paragraph (1)(A)(ii) is not required in the case of—

(A) online contact information collected from a child that is used only to respond
directly on a one-time basis to a specific request from the child and is not used to
recontact the child and is not maintained in retrievable form by the operator;

(B) a request for the name or online contact information of a parent or child that is
used for the sole purpose of obtaining parental consent or providing notice under this
section and where such information is not maintained in retrievable form by the operator
if parental consent is not obtained after a reasonable time;

(C) online contact information collected from a child that is used only to respond more
than once directly to a specific request from the child and is not used to recontact the
child beyond the scope of that request—

(i) if, before any additional response after the initial response to the child, the
operator uses reasonable efforts to provide a parent notice of the online contact
information collected from the child, the purposes for which it is to be used, and an
opportunity for the parent to request that the operator make no further use of the
information and that it not be maintained in retrievable form; or

(ii) without notice to the parent in such circumstances as the Commission may determine
are appropriate, taking into consideration the benefits to the child of access to
information and services, and risks to the security and privacy of the child, in
regulations promulgated under this subsection;

(D) the name of the child and online contact information (to the extent reasonably
necessary to protect the safety of a child participant on the site)—

(i) used only for the purpose of protecting such safety;

(ii) not used to recontact the child or for any other purpose; and

(iii) not disclosed on the site, if the operator uses reasonable efforts to provide a
parent notice of the name and online contact information collected from the child, the
purposes for which it is to be used, and an opportunity for the parent to request that the
operator make no further use of the information and that it not be maintained in
retrievable form; or

(E) the collection, use, or dissemination of such information by the operator of such a
website or online service necessary—

(i) to protect the security or integrity of its website;

(ii) to take precautions against liability;

(iii) to respond to judicial process; or

(iv) to the extent permitted under other provisions of law, to provide information to
law enforcement agencies or for an investigation on a matter related to public safety.
1815

(3) TERMINATION OF SERVICE.—The regulations shall permit the operator of a website
or an online service to terminate service provided to a child whose parent has refused,
under the regulations prescribed under paragraph (1)(B)(ii), to permit the operator’s
further use or maintenance in retrievable form, or future online collection, of personal
information from that child.

(c) ENFORCEMENT.—Subject to sections 1304 and 1306, a violation of a regulation
prescribed under subsection (a) shall be treated as a violation of a rule defining an
unfair or deceptive act or practice prescribed under section 18(a)(1)(B) of the Federal
Trade Commission Act (15 U.S.C. 57a(a)(1)(B)).

(d) INCONSISTENT STATE LAW.—No State or local government may impose any liability
for commercial activities or actions by operators in interstate or foreign commerce in
connection with an activity or action described in this title that is inconsistent with
the treatment of those activities or actions under this section.

SEC. 1304. SAFE HARBORS.

(a) GUIDELINES.—An operator may satisfy the requirements of regulations issued
under section 1303(b) by following a set of self-regulatory guidelines, issued by
representatives of the marketing or online industries, or by other persons, approved under
subsection (b).

(b) INCENTIVES.—

(1) SELF-REGULATORY INCENTIVES.—In prescribing regulations under section 1303, the
Commission shall provide incentives for self-regulation by operators to implement the
protections afforded children under the regulatory requirements described in subsection
(b) of that section.

(2) DEEMED COMPLIANCE.—Such incentives shall include provisions for ensuring that
a person will be deemed to be in compliance with the requirements of the regulations under
section 1303 if that person complies with guidelines that, after notice and comment, are
approved by the Commission upon making a determination that the guidelines meet the
requirements of the regulations issued under section 1303.

(3) EXPEDITED RESPONSE TO REQUESTS.—The Commission shall act upon requests for
safe harbor treatment within 180 days of the filing of the request, and shall set forth in
writing its conclusions with regard to such requests.

(c) APPEALS.—Final action by the Commission on a request for approval of
guidelines, or the failure to act within 180 days on a request for approval of guidelines,
submitted under subsection (b) may be appealed to a district court of the United States of
appropriate jurisdiction as provided for in section 706 of title 5, United States Code.

SEC. 1305. ACTIONS BY STATES.

(a) IN GENERAL.—

(1) CIVIL ACTIONS.—In any case in which the attorney general of a State has reason
to believe that an interest of the residents of that State has been or is threatened or
adversely affected by the engagement of any person in a practice that violates any
regulation of the Commission prescribed under section 1303(b), the State, as parens
patriae, may bring a civil action on behalf of the residents of the State in a district
court of the United States of appropriate jurisdiction to—

(A) enjoin that practice;

(B) enforce compliance with the regulation;

(C) obtain damage, restitution, or other compensation on behalf of residents of the
State; or

(D) obtain such other relief as the court may consider to be appropriate.

(2) NOTICE.—

(A) IN GENERAL.—Before filing an action under paragraph (1), the attorney general
of the State involved shall provide to the Commission—

(i) written notice of that action; and

(ii) a copy of the complaint for that action.

(B) EXEMPTION.—

(i) IN GENERAL.—Subparagraph (A) shall not apply with respect to the filing of an
action by an attorney general of a State under this subsection, if the attorney general
determines that it is not feasible to provide the notice described in that subparagraph
before the filing of the action.

(ii) NOTIFICATION.—In an action described in clause (i), the attorney general of a
State shall provide notice and a copy of the complaint to the Commission at the same time
as the attorney general files the action.

(b) INTERVENTION.—

(1) IN GENERAL.—On receiving notice under subsection (a)(2), the Commission shall
have the right to intervene in the action that is the subject of the notice.

(2) EFFECT OF INTERVENTION.—If the Commission intervenes in an action under
subsection (a), it shall have the right—

(A) to be heard with respect to any matter that arises in that action; and

(B) to file a petition for appeal.

(3) AMICUS CURIAE.—Upon application to the court, a person whose self-regulatory
guidelines have been approved by the Commission and are relied upon as a defense by any
defendant to a proceeding under this section may file amicus curiae in that proceeding.

(c) CONSTRUCTION.—For purposes of bringing any civil action under subsection (a),
nothing in this title shall be construed to prevent an attorney general of a State from
exercising the powers conferred on the attorney general by the laws of that State to—

(1) conduct investigations;

(2) administer oaths or affirmations; or

(3) compel the attendance of witnesses or the production of documentary and other
evidence.

(d) ACTIONS BY THE COMMISSION.—In any case in which an action is instituted by or
on behalf of the Commission for violation of any regulation prescribed under section 1303,
no State may, during the pendency of that action, institute an action under subsection (a)
against any defendant named in the complaint in that action for violation of that
regulation.

(e) VENUE; SERVICE OF PROCESS.—

(1) VENUE.—Any action brought under subsection (a) may be brought in the district
court of the United States that meets applicable requirements relating to venue under
section 1391 of title 28, United States Code.

(2) SERVICE OF PROCESS.—In an action brought under subsection (a), process may be
served in any district in which the defendant—

(A) is an inhabitant; or

(B) may be found.

SEC. 1306. ADMINISTRATION AND APPLICABILITY OF ACT.

(a) IN GENERAL.—Except as otherwise provided, this title shall be enforced by the
Commission under the Federal Trade Commission Act (15 U.S.C. 41 et seq.).

(b) PROVISIONS.—Compliance with the requirements imposed under this title shall be
enforced under—(1) section 8 of the Federal Deposit Insurance Act (12 U.S.C. 1818),
in the case of—

(A) national banks, and Federal branches and Federal agencies of foreign banks, by the
Office of the Comptroller of the Currency;

(B) member banks of the Federal Reserve System (other than national banks), branches
and agencies of foreign banks (other than Federal branches, Federal agencies, and insured
State branches of foreign banks), commercial lending companies owned or controlled by
foreign banks, and organizations operating under section 25 or 25(a) of the Federal
Reserve Act (12 U.S.C. 601 et seq. and 611 et seq.), by the Board; and

(C) banks insured by the Federal Deposit Insurance Corporation (other than members of
the Federal Reserve System) and insured State branches of foreign banks, by the Board of
Direc- tors of the Federal Deposit Insurance Corporation;

(2) section 8 of the Federal Deposit Insurance Act (12 U.S.C. 1818), by the Director of
the Office of Thrift Supervision, in the case of a savings association the deposits of
which are insured by the Federal Deposit Insurance Corporation;

(4) part A of subtitle VII of title 49, United States Code, by the Secretary of
Transportation with respect to any air carrier or foreign air carrier subject to that
part;

(5) the Packers and Stockyards Act, 1921 (7 U.S.C. 181 et seq.) (except as provided in
section 406 of that Act (7 U.S.C. 226, 227)), by the Secretary of Agriculture with respect
to any activities subject to that Act; and

(6) the Farm Credit Act of 1971 (12 U.S.C. 2001 et seq.) by the Farm Credit
Administration with respect to any Federal land bank, Federal land bank association,
Federal intermediate credit bank, or production credit association.

(c) EXERCISE OF CERTAIN POWERS.—For the purpose of the exercise by any agency
referred to in subsection (a) of its powers under any Act referred to in that subsection,
a violation of any requirement imposed under this title shall be deemed to be a violation
of a requirement imposed under that Act. In addition to its powers under any provision of
law specifically referred to in subsection (a), each of the agencies referred to in that
subsection may exercise, for the purpose of enforcing compliance with any requirement
imposed under this title, any other authority conferred on it by law.

(d) ACTIONS BY THE COMMISSION.—The Commission shall prevent any person from
violating a rule of the Commission under section 1303 in the same manner, by the same
means, and with the same jurisdiction, powers, and duties as though all applicable terms
and provisions of the Federal Trade Commission Act (15 U.S.C. 41 et seq.) were
incorporated into and made a part of this title. Any entity that violates such rule shall
be subject to the penalties and entitled to the privileges and immunities provided in the
Federal Trade Commission Act in the same manner, by the same means, and with the same
jurisdiction, power, and duties as though all applicable terms and provisions of the
Federal Trade Commission Act were incorporated into and made a part of this title.

(e) EFFECT ON OTHER LAWS.—Nothing contained in the Act shall be construed to limit
the authority of the Commission under any other provisions of law.

SEC. 1307. REVIEW.

Not later than 5 years after the effective date of the regulations initially issued
under section 1303, the Commission shall—

(1) review the implementation of this title, including the effect of the implementation
of this title on practices relating to the collection and disclosure of information
relating to children, children’s ability to obtain access to information of their choice
online, and on the availability of websites directed to children; and

(2) prepare and submit to Congress a report on the results of the review under
paragraph (1).

SEC. 1308. EFFECTIVE DATE. Sections 1303(a), 1305, and 1306 of this title take
effect on the later of—

(1) the date that is 18 months after the date of enactment of this Act; or

(2) the date on which the Commission rules on the first application filed for safe
harbor treatment under section 1304 if the Commission does not rule on the first such
application within one year after the date of enactment of this Act, but in no case later
than the date that is 30 months after the date of enactment of this Act.

We have gotten many requests for a standard Privacy Policy Template, so here it is! You simply replace the [CAPITALIZED] and bracketed fields with your own information and voila!

We would recommend using our privacy policy generator as it not only will generate a privacy policy much faster, but it offers you several options for encrypting your email to hide it from Spambots.

Here is the text:

Privacy Policy for [YOUR SITE TITLE]

If you require any more information or have any questions about our privacy policy, please feel free to contact us by email at [YOUR CONTACT LINK].

At [YOUR SITE URL] we consider the privacy of our visitors to be extremely important. This privacy policy document describes in detail the types of personal information is collected and recorded by [YOUR SITE URL] and how we use it.

Log Files Like many other Web sites, [YOUR SITE URL] makes use of log files. These files merely logs visitors to the site – usually a standard procedure for hosting companies and a part of hosting services’s analytics. The information inside the log files includes internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date/time stamp, referring/exit pages, and possibly the number of clicks. This information is used to analyze trends, administer the site, track user’s movement around the site, and gather demographic information. IP addresses, and other such information are not linked to any information that is personally identifiable.

Cookies and Web Beacons[YOUR SITE URL] uses cookies to store information about visitors’ preferences, to record user-specific information on which pages the site visitor accesses or visits, and to personalize or customize our web page content based upon visitors’ browser type or other information that the visitor sends via their browser.

DoubleClick DART Cookie

→ Google, as a third party vendor, uses cookies to serve ads on [YOUR SITE URL].

→ Google’s use of the DART cookie enables it to serve ads to our site’s visitors based upon their visit to [YOUR SITE URL] and other sites on the Internet.

Some of our advertising partners may use cookies and web beacons on our site. Our advertising partners include …….

Google

Commission Junction

Amazon

Adbrite

Clickbank

Yahoo! Publisher Network

Chitika

Kontera

While each of these advertising partners has their own Privacy Policy for their site, an updated and hyperlinked resource is maintained here: Privacy Policies.

You may consult this listing to find the privacy policy for each of the advertising partners of [YOUR SITE URL].

These third-party ad servers or ad networks use technology in their respective advertisements and links that appear on [YOUR SITE URL] and which are sent directly to your browser. They automatically receive your IP address when this occurs. Other technologies (such as cookies, JavaScript, or Web Beacons) may also be used by our site’s third-party ad networks to measure the effectiveness of their advertising campaigns and/or to personalize the advertising content that you see on the site.

[YOUR SITE URL] has no access to or control over these cookies that are used by third-party advertisers.

Third Party Privacy Policies

You should consult the respective privacy policies of these third-party ad servers for more detailed information on their practices as well as for instructions about how to opt-out of certain practices. [YOUR SITE URL]‘s privacy policy does not apply to, and we cannot control the activities of, such other advertisers or web sites. You may find a comprehensive listing of these privacy policies and their links here: Privacy Policy Links.

If you wish to disable cookies, you may do so through your individual browser options. More detailed information about cookie management with specific web browsers can be found at the browsers’ respective websites. What Are Cookies?

Children’s InformationWe believe it is important to provide added protection for children online. We encourage parents and guardians to spend time online with their children to observe, participate in and/or monitor and guide their online activity.
[YOUR SITE URL] does not knowingly collect any personally identifiable information from children under the age of 13. If a parent or guardian believes that [YOUR SITE URL] has in its database the personally-identifiable information of a child under the age of 13, please contact us immediately (using the contact in the first paragraph) and we will use our best efforts to promptly remove such information from our records.

Online Privacy Policy Only
This privacy policy applies only to our online activities and is valid for visitors to our website and regarding information shared and/or collected there.
This policy does not apply to any information collected offline or via channels other than this website.

Consent
By using our website, you hereby consent to our privacy policy and agree to its terms.

Should we update, amend or make any changes to our privacy policy, those changes will be posted here.

Here is the HTML for the above privacy policy template:

Privacy Policy for [YOUR SITE TITLE]

If you require any more information or have any questions about our privacy policy, please feel free to contact us by email at [YOUR CONTACT LINK].

At [YOUR SITE URL] we consider the privacy of our visitors to be extremely important. This privacy policy document describes in detail the types of personal information is collected and recorded by [YOUR SITE URL] and how we use it.

Log Files Like many other Web sites, [YOUR SITE URL] makes use of log files. These files merely logs visitors to the site – usually a standard procedure for hosting companies and a part of hosting services’s analytics. The information inside the log files includes internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date/time stamp, referring/exit pages, and possibly the number of clicks. This information is used to analyze trends, administer the site, track user’s movement around the site, and gather demographic information. IP addresses, and other such information are not linked to any information that is personally identifiable.

Cookies and Web Beacons[YOUR SITE URL] uses cookies to store information about visitors’ preferences, to record user-specific information on which pages the site visitor accesses or visits, and to personalize or customize our web page content based upon visitors’ browser type or other information that the visitor sends via their browser.

DoubleClick DART Cookie

→ Google, as a third party vendor, uses cookies to serve ads on [YOUR SITE URL].

→ Google’s use of the DART cookie enables it to serve ads to our site’s visitors based upon their visit to [YOUR SITE URL] and other sites on the Internet.

Some of our advertising partners may use cookies and web beacons on our site. Our advertising partners include …….

Google

Commission Junction

Amazon

Adbrite

Clickbank

Yahoo! Publisher Network

Chitika

Kontera

While each of these advertising partners has their own Privacy Policy for their site, an updated and hyperlinked resource is maintained here: Privacy Policies.

You may consult this listing to find the privacy policy for each of the advertising partners of [YOUR SITE URL].

These third-party ad servers or ad networks use technology in their respective advertisements and links that appear on [YOUR SITE URL] and which are sent directly to your browser. They automatically receive your IP address when this occurs. Other technologies (such as cookies, JavaScript, or Web Beacons) may also be used by our site’s third-party ad networks to measure the effectiveness of their advertising campaigns and/or to personalize the advertising content that you see on the site.

[YOUR SITE URL] has no access to or control over these cookies that are used by third-party advertisers.

Third Party Privacy Policies

You should consult the respective privacy policies of these third-party ad servers for more detailed information on their practices as well as for instructions about how to opt-out of certain practices. [YOUR SITE URL]‘s privacy policy does not apply to, and we cannot control the activities of, such other advertisers or web sites. You may find a comprehensive listing of these privacy policies and their links here: Privacy Policy Links.

If you wish to disable cookies, you may do so through your individual browser options. More detailed information about cookie management with specific web browsers can be found at the browsers’ respective websites. What Are Cookies?

Children’s InformationWe believe it is important to provide added protection for children online. We encourage parents and guardians to spend time online with their children to observe, participate in and/or monitor and guide their online activity.
[YOUR SITE URL] does not knowingly collect any personally identifiable information from children under the age of 13. If a parent or guardian believes that [YOUR SITE URL] has in its database the personally-identifiable information of a child under the age of 13, please contact us immediately (using the contact in the first paragraph) and we will use our best efforts to promptly remove such information from our records.

Online Privacy Policy Only
This privacy policy applies only to our online activities and is valid for visitors to our website and regarding information shared and/or collected there.
This policy does not apply to any information collected offline or via channels other than this website.

Consent
By using our website, you hereby consent to our privacy policy and agree to its terms.